Before diving into his advice for organizations during the Technology Association of Iowa’s cyber webinar last Friday, Jim Sherlock wanted to clear the air with attendees.

“Of course I’m really a good person who grew up in Iowa with great values. I would never do anything unethical, and I certainly hope that you don’t take anything you learn today and do the opposite,” Sherlock, director of information security and technology implementation at Pearson, told his virtual audience.  

With that out of the way: What are Iowa companies’ most vulnerable points of attack? Below, Sherlock outlines four strategies most cyberattackers would use to identify and compromise cloud servers at organizations of any size.

TARGET THE HUMAN
The first attack on any organization is also the easiest one: phishing emails sent to staff members.

“All it takes is one person to fall down, and with the amount of data that exists on social media and LinkedIn, it’s not that difficult for me to figure out which humans I would want to target,” Sherlock said.

Remedy: Require multifactor authentication with an authenticator app or key instead of solely relying on passwords.

“You’ve got to get away from passwords. Get on multifactor authentication. We have to stop relying on passwords here,” Sherlock said.  

IDENTIFY VULNERABLE SERVERS
Every internet-connected device is searchable online — from work laptops and cellphones to refrigerators and lightbulbs — using tools like Shodan.io, a search engine that crawls the internet and indexes connected devices into a searchable form. Many organizations also run applications built from source code that is publicly available on GitHub, and such a project may contain hard-coded access credentials.

“It’s trivial for someone with even no coding experience to go in and use a tool like Shodan to discover tens or hundreds of web server devices associated with your organization, and also find out any vulnerabilities associated with that,” Sherlock said. “If you have a database open to the world with a default password, Shodan’s going to have that information. Hackers use that to make the next move.”

Remedy: Maintain up-to-date patches on all servers and internet-connected devices. Take advantage of tools like Shodan or Gitleaks to monitor your own organization’s vulnerabilities, and see what an attacker might leverage.

FIND THE WEAKEST ENTRY POINT
The longer an organization has been building its cloud system, the more likely that cloud is to have broad access into all the organization’s operating servers. Attackers only need to identify and compromise the weakest public-facing server — once inside, most attackers will have access to the rest of the network, Sherlock said.

Remedy: Strengthen the organization’s ability to detect unauthorized entry.

FLOOD TARGET WITH TRAFFIC
When all else fails, “I would do what any good hacker would do: I’ll throw as much traffic at you as I can,” Sherlock said. Distributed denial-of-service (DDoS) attacks use many other compromised computer systems to flood one organization’s server, effectively shutting down its ability to respond to legitimate traffic.

Remedy: Major cloud providers are very familiar with DDoS strategies, and services are available to detect and block extreme traffic volume.